What is CVE-2016-1476?

CVE-2016-1476 is a medium-severity vulnerability in Cisco Ip_phone_8800, classified under Cross-site Scripting. CVSS score: 5.4/10. Published 2016-08-22.

How severe is CVE-2016-1476?

Medium severity. CVSS v3 base score is 5.4 out of 10.

XSS in Cisco Ip_phone_8800

CVE-2016-1476

Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 devices with software 11.0 allows remote authenticated users to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCuz03024.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.002 (40.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N.

Affected products

Cisco Ip_phone_8800
Cisco Ip_phone_8800_series_firmware — versions 11.0_base
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

20160810 Cisco IP Phone 8800 Series Cross-Site Scripting Vulnerability (x_refsource_CISCO, vendor-advisory, Mitigation, Vendor Advisory)
92404 (vdb-entry, x_refsource_BID)
1036595 (vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2016-1476?: CVE-2016-1476 is a medium-severity vulnerability in Cisco Ip_phone_8800, classified under Cross-site Scripting. CVSS score: 5.4/10. Published 2016-08-22.
How severe is CVE-2016-1476?: Medium severity. CVSS v3 base score is 5.4 out of 10.